Julius Ramos Posted January 24, 2006 Share Posted January 24, 2006 Ive been working for this for a month but i stop it because of some limatation of autoit. but if you like to continue this i woul like to share some idea. 1. traversing registry is more difficult and slow. why you traverse regitry?. its more easy to macth a registry. create a database of registry then check if this registry is exist then delete. 2. for file. donot scan all files. you must have an option. Option : FullScan -> this will more slower. scan all files QuickScan -> faster. because you only macth file found inyour database. 3. for file in process. there is some limitation of autoit for process that has a watchdog. can not close the two process. sample database. SPYWARENAME...REGIRTY...key:::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents...IMAIL SPYWARENAME...FILE...rootdir:::Test...124ADHNR4123213213 you can use MD5 for matching the file. Auto it has no support for MD5 use third party tool. also you can use what ever you like to separate your entry. Goodluck.. julius -----------------------------------------------------------BSECE, MCPAIM: juliusrmsYM: jivy_21@yahoo.comMSN: juliusLramos@hotmail.comMobile #: (Globe): +639167031989Web: http://www.trendmicro.com Link to comment Share on other sites More sharing options...
markloman Posted April 20, 2006 Share Posted April 20, 2006 Check out Hitman Pro at www.hitmanpro.com. Completely written in AutoIt using the latest AutoIt beta! Link to comment Share on other sites More sharing options...
Bert Posted April 20, 2006 Share Posted April 20, 2006 The site is in Dutch...Still ...It is good stuff! The Vollatran project My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
autosc Posted July 26, 2006 Share Posted July 26, 2006 i am interested in this. i use bartpe at work...and spyware/viruses are alot easier to deal with when you remove its files, then you only need to deal with the registry stuff (which theres also tools in bartpe...and then stuff in windows afterward) maybe something like this....i dont think this is completely right...but its a start expandcollapse popup#include <GuiConstants.au3> #Include <process.au3> $tempfile1 = "C:\Spyware_Finder_Temp1.txt" $tempfile2 = "C:\Spyware_Finder_Temp2.txt" $tempfile3 = "C:\Spyware_Finder_Results.txt" Dim $line1 = 1 Dim $line2 = 1 SplashTextOn ( "Scanning", "Scanning Files") _RunDOS("DIR c:\ /s /b > " & $tempfile1) SplashOff () MsgBox(0, "", "Click OK when ready to scan again") _RunDOS("DIR c:\ /s /b > " & $tempfile2) GuiCreate("MyGUI", 392, 239) $edit1 = GuiCtrlCreateEdit("", 10, 30, 370, 80, $WS_VSCROLL) $edit2 = GuiCtrlCreateEdit("", 10, 150, 370, 80, $WS_VSCROLL) $count1 = GuiCtrlCreateLabel("", 10, 10, 90, 20) $count2 = GuiCtrlCreateLabel("", 10, 130, 100, 20) GuiSetState() While 1 $file1 = FileReadLine ($tempfile1, $line1) If @error = -1 Then $file1 = "" $file2 = FileReadLine ($tempfile2, $line2) If @error = -1 Then ExitLoop ;SplashTextOn ( "comparing", $line1 & @LF & $file1 & @LF & @LF & $line2 & @LF & $file2, 500, 250) GUICtrlSetData ( $edit1, $file1) GUICtrlSetData ( $edit2, $file2) GUICtrlSetData ( $count1, $line1) GUICtrlSetData ( $count2, $line2) If $file2 = $file1 Then $line1 += 1 $line2 += 1 Else If $file2 <> $tempfile2 Then FileWrite($tempfile3, $file2 & @CRLF) $line2 += 1 EndIf Wend Exit After running the command REGEDIT /E c:\reg.txt and after studying the reg.txt i found that trace of uninstalled programs remain in the Registry : with a biginning like this ..... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall my question is : Can i easy remove them competely with the compare featured with the autoscript which is featured here ..... without reediting the Regisry manually ? Secondly , when you remove the difference of files ....How can you avoid deleting which is not to be deleted ? thanks .... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now